Privacy Policy

How Continum collects, uses, and protects information when you use our websites, products, and services.

1. Who we are

Continum ("Continum", "we", "us", or "our") is a stateless Compliance Intelligence layer designed for the 2026 AI economy. We provide a "Shadow Audit" API and the Aegis Sandbox to help AI startups and enterprises meet regulatory requirements such as the EU AI Act, CCPA, GDPR, HIPAA, and ISO 42001 without adding latency or storing sensitive user data.

2. Information we process

We distinguish between (a) information we process as part of our marketing and commercial operations and (b) transient data processed by our Shadow Audit API and Aegis Sandbox.

2.1 Website and commercial operations data

We may process the following categories of information:

  • Contact information (such as name, email, company, role) you provide to us.
  • Commercial information (such as messages, call notes, billing details) when you contact sales, request demos, or become a customer.
  • Usage information related to visits to our public website (e.g., pages viewed, referrers, device and browser characteristics), typically in aggregated or pseudonymised form.

2.2 Shadow Audit API and Aegis Sandbox data

Our core products are designed as stateless, RAM-only services. When you mirror system prompts, user inputs, and model outputs to our Shadow Audit API:

  • Payloads are processed in volatile memory solely for the purpose of compliance analysis (e.g., adversarial simulation, PII/PHI extraction, bias drift checks, jurisdictional mapping).
  • Raw prompts and responses are not written to disk or persisted in long-term storage, unless you explicitly request a different mode in writing.
  • We may create and retain anonymised or aggregated violation metadata (for example: "Request #402 contained a PII leak") for the purpose of reporting, rate limiting, tuning policies, and demonstrating compliance to auditors.

3. How we use information

We use information for the following purposes:

  • To provide, maintain, and improve the Shadow Audit API and Aegis Sandbox.
  • To help customers configure and tune their Aegis Sandbox environments.
  • To comply with regulatory requirements and respond to lawful requests from regulators or supervisory authorities.
  • To monitor platform stability, prevent abuse, and improve the security and robustness of our systems.
  • To communicate with you about updates, new features, security notices, and support matters.

4. Data minimisation and stateless design

Continum is built around a Zero-Knowledge design. Our default posture is to avoid collecting or persisting personal data where possible.

  • Shadow Audit payloads are processed in RAM-only environments and wiped after analysis.
  • Customers can configure what categories of data are permitted to be mirrored to Continum via "Compliance-as-Code" SDK settings.
  • Violation metadata stored for dashboards does not include raw prompts or plain-text personal identifiers by default.

5. Regional data sovereignty

To satisfy regional data residency requirements (for example, in the EU, Uganda, Kenya, Rwanda, or other jurisdictions), Continum can route audits to specific regional clusters:

  • Customers may configure which regions are eligible to process mirrored payloads.
  • Where required by law, we limit processing to infrastructure located within the relevant jurisdiction.
  • We maintain a record of the region in which a given audit was performed for compliance reporting.

6. Legal bases for processing

Where applicable (for example under the GDPR), we rely on the following legal bases to process personal data:

  • Performance of a contract when providing services to customers under our subscription agreements.
  • Legitimate interests in operating, securing, and improving our products, provided those interests are not overridden by your rights and freedoms.
  • Compliance with legal obligations, including sectoral or regional regulatory requirements.
  • Consent, where we rely on it (for example, for certain marketing cookies or optional communications).

7. Sharing and disclosures

We do not sell personal information. We may share information with third parties in the following situations:

  • With infrastructure and security providers who help us operate our platform, under appropriate data protection agreements.
  • With regulators, auditors, or other competent authorities when legally required.
  • In connection with a corporate transaction such as a merger, acquisition, or financing, subject to appropriate confidentiality protections.

8. Data retention and deletion

Because our core services are stateless by design, raw Shadow Audit payloads are not retained beyond the time needed to complete the analysis. We retain:

  • Account and billing records for as long as necessary to comply with law.
  • Violation metadata and audit logs for periods agreed with our customers.
  • Website analytics and logs for limited periods needed for security and performance monitoring.

9. Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict the use of your personal data, as well as the right to object to certain processing or to data portability.

To exercise these rights, please contact us at privacy@continum.co. We may need to verify your identity before responding.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in law or our services. When we make material changes, we will update the effective date and may provide additional notice.